Malware
Patcher
aka FileCoder · Findzip
Patcher, also known as FileCoder or Findzip, is a macOS malware family.
Background
This macOS crypto-ransomware surfaced on BitTorrent distribution sites in February 2017, disguised as 'Patcher', a tool purportedly for cracking popular applications such as Adobe Premiere Pro or Microsoft Office for Mac.
The torrent delivered an application bundle packaged as a single zip file. Once the bogus application was opened, the main window of the fraudulent cracking utility appeared.
Encryption began when the deceived victim pressed 'Start'. On execution, the ransomware generated a random 25-character string and used it as the RC4 key to encrypt all of the victim's files, then demanded a Bitcoin payment, with instructions given in a 'README!' .txt file scattered throughout the user's directories.
Although the instructions were detailed, Patcher had no capability to reach any C&C server, meaning its operators could never decrypt the affected files. Because the randomly generated key was also too long to crack by brute force, the encrypted data was effectively unrecoverable within any practical timeframe.
Source: Malpedia (Fraunhofer FKIE).